Privacy guide

Children's data privacy in India: what parents should know.

How Indian apps and websites handle children's data, why DPDP treats it carefully, and what parents can check before kids sign up.

The simple answer

Children's data is treated with extra care because children may not understand what they are agreeing to, and the data can follow them for years. Apps aimed at or used by children should handle this carefully.

DPDP-style thinking expects stronger protection for children, including parental consent and limits on tracking and targeting. In practice, parents still need to check what an app actually collects.

What to check

1
Check whether the app knows the user is a child.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for parental consent steps.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Ask whether children data is used for ads or nudges.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Review what profile and behaviour data is stored.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

A child's data trail starts early.

State of Privacy flags children contexts because learning and play flows can build a detailed record of a child, not just a customer. That makes consent and limits especially important.

What to do next

1
Set up accounts with the child age stated honestly.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Limit permissions and turn off optional tracking.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask platforms how children data is protected and deleted.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Is children's data treated differently?

It is widely expected to get stronger protection, including parental consent and limits on targeting, though specifics depend on implementation.

Can apps show my child targeted ads?

Targeting children raises serious concerns; check the app settings and policy and limit ad personalisation.

What can parents do?

State the child age honestly, limit permissions, and ask how the data is protected and deleted.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience